Hello Paul 

first of all thanks for taking the time to help on this............

I will give it a try right now.Thanks again.Bye for now 

Hello Paul 

i was trying this config but i noticed that you have forward all the ports(2727,9300,35300,16000-16511) to 10.10.10.250 which is my pbx's main ip address and for that i only need to forward 9300,2727(UDP),35300(TCP) only but ports RTP 16000-16511 has to be forwarded to PBX's DSP card which has 10.10.10.251 ip not 250.

So now does that mean i need to of these commands 

ip nat inside source static 10.10.10.250 x,x,x,x route-map STAN_rm or can i squeeze in everything in this one command some how? and also when u type x.x.x.x,does that mean thats my subnet mask which is 255.255.255.0 ?Please help thanks

Hello

You correct I mis-read you Portsopen.jpg it has varous addressing which I didnt notice

I can see your internal network  - the network you wish to nat from (INSIDE) has a range of 10.10.10.0/24

So can you clatify that you wish to nat from these two hosts 10.10.10.250 and 251 towards hosts 10.10.9.250 and 10.10.9.251 via the dialer 0 interface ( outside)

res
Paul

Hello Paul

Both of them are my internal netwroks at two different locations but that's just an example for you.

So in my lab I have 10.10.10.0/24 as internal network but at one of my clients has 10.10.9.0/24 as internal network

 it for port forwarding I want to use any of these let's say 10.10.10.0 because I have that in lab and I have two real separate internet connection to make real test.So the WAN (outsode) are UNKNOWN because those 2 to 3 locations are remote users working from their homes.So I don't know even if they have static IPs or not.So we have only know our internal network but from outside it could any public ip we don't know.

We know that we have WAN Static ip and our internal range for dhcp but outside world is unknown.

so I want to nat 35300(tcp) and 2727,9300(UDP) towards 10.10.10.250 (PBX)

also16000-16511(UDP) towards 10.10.10.251(Pbx's DSP card)when the request comes from outside world.

thanks

Hello

thanks for the clarification 

try this then;

ip access-list extended STAN_acl
permit udp host 10.10.10.250 eq 2727 any
permit udp host 10.10.10.250 eq 9300 any
permit tcp host 10.10.10.250 eq 35300 any

route-map STAN_rm
match ip address STAN_acl

ip nat inside source static 10.10.10.250 (next hop ip) route-map STAN_rm

ip access-list extended STAN2_acl
permit udp host 10.10.9.251 range 1600 16511 any

route-map STAN2_rm
match ip address STAN2_acl

ip nat inside source static 10.10.9.251 (next-hop ip) route-map STAN2_rm

Nots: the next hop ip will  e the addressing obtained y dialer 0

Res

Paul

ok awesome Paul

so now when u say the ip addressing obtained by the dialer 0 that means my static ip which i recieved for my pppoe settings from my ISP,am i right ?

so in that case the command will look something like this......

ip nat inside source static 10.10.10.9.251 165.154.120.96 route-map STAN_rm

 and for the RTP ports the second acl route-map will look like this

ip nat inside source static 10.10.10.251 165.154.120.96  route-map STAN2_rm

and also i guess that was again typo error when u mentioned the second acl u have put 10.10.9.251 instead of 10.10.10.251 

Thanks again Paul i will try this today.

Hello Paul

so i tried these commands today but no luck.

so when i give all those commands the router seems to take all of the commands but when i go back and run show run command than i dont see my second entry for the route map,i only see the very first entry which is this...........(ip nat inside source static 10.10.10.9.251 165.154.120.96 route-map STAN_rm)  but the other entry does not even appear.

and also when i do these commands the router puts 10 behind both of these commands like this 

route-map STAN_rm permit 10

match ip address STAN_acl

route-map STAN2_rm permit 10

match ip address STAN2_acl

So maybe becuase of the 10 behind these thats why it didn't work.

and just so u know i tried resting the cisco 871 twice and did static statements for the ports 2727,9300(udp) and 35300(tcp) and i noticed as soon as i do these statements the remote phones registers with the pbx and starts working but NO AUDIO on any side.

But up to that point i have gone long ago.my only issues is the RTP ports from 16000-16511 for sip.thats it.

THANKS